Multiple vulnerabilities in IBM Spectrum Protect Plus



Published: 2023-03-20 | Updated: 2024-06-26
Risk Medium
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2022-2639
CVE-2022-4379
CVE-2021-3640
CVE-2022-28390
CVE-2022-1184
CVE-2022-29581
CVE-2022-36946
CVE-2022-1055
CVE-2022-0168
CVE-2022-2964
CVE-2022-2586
CVE-2022-2078
CVE-2022-24448
CVE-2022-1353
CVE-2020-36558
CVE-2022-0494
CWE-ID CWE-191
CWE-416
CWE-415
CWE-911
CWE-20
CWE-476
CWE-787
CWE-119
CWE-909
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #7 is available.
Vulnerability #11 is being exploited in the wild.
Public exploit code for vulnerability #12 is available.
Vulnerable software
Subscribe
IBM Spectrum Protect Plus
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU66812

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-2639

CWE-ID: CWE-191 - Integer underflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the reserve_sfa_size() function in the openvswitch kernel module in Linux kernel. A local user can trigger an out-of-bounds read error and crash the system or escalate privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free

EUVDB-ID: #VU71583

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4379

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU63769

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3640

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioct UFFDIO_REGISTER or other way trigger race condition to escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double Free

EUVDB-ID: #VU63164

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28390

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU64438

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1184

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in fs/ext4/namei.c:dx_insert_block() function in the Linux kernel’s filesystem sub-component.. A local user can trigger use-after-free and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper update of reference count

EUVDB-ID: #VU63496

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29581

CWE-ID: CWE-911 - Improper Update of Reference Count

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper update of reference count in net/sched in Linux kernel. A local user can execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU66476

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-36946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Use-after-free

EUVDB-ID: #VU61765

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1055

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tc_new_tfilter in Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU63789

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0168

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS). A privileged (CAP_SYS_ADMIN) attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU67811

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2964

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU66396

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-2586

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the netfilter subsystem implementation in Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Buffer overflow

EUVDB-ID: #VU65642

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-2078

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_set_desc_concat_parse() function in Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Missing initialization of resource

EUVDB-ID: #VU61211

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24448

CWE-ID: CWE-909 - Missing initialization of resource

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to missing initialization of resource within the fs/nfs/dir.c in the Linux kernel. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU66589

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36558

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.5.7 involving a VT_RESIZEX. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU64259

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0494

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Spectrum Protect Plus: 10.1.0.0 - 10.1.13.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/6963936


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###